| <script> | |
| if (window.testRunner) | |
| testRunner.dumpAsText(); | |
| </script> | |
| <meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline'"> | |
| <iframe src="about:blank"></iframe> | |
| Eval should be blocked in the iframe, but inline script should be allowed. | |
| <script> | |
| window.onload = function() { | |
| frames[0].document.write("<script>alert(/PASS/); eval('alert(/FAIL/);');<\/script>"); | |
| } | |
| </script> |